184491 matches found
PT-2026-50782
Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.9.2 Description pam usb provides hardware authentication for Linux using removable media. The software calls the xmlReadFile function with flags=0 when loading the configuration file, which allows libxml2 to process...
PT-2026-50744
Name of the Vulnerable Software and Affected Versions Grav versions prior to 1.7.53 Description An authenticated administrator with backup permissions can download a ZIP archive containing the full installation root. This archive includes sensitive files such as user/accounts/admin.yaml, which...
PT-2026-50774
Name of the Vulnerable Software and Affected Versions AzeoTech DAQFactory versions prior to 21.2 Description A Type Confusion issue exists where an attacker can use specially crafted .ctl files to achieve arbitrary code execution. Type Confusion occurs when a program accesses a resource using a...
PT-2026-50685
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35...
PT-2026-50673
UBB.threads is vulnerable to Denial of Service DoS. By sending multiple concurrent requests to view any user profile on instances with many registered users, an authenticated attacker can easily exhaust database resources and completely deny access to the application for other users. Because vend...
PT-2026-50629
The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.6. This is due to missing or incorrect nonce validation on the replace file function. This makes i...
PT-2026-50478
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description An authorization bypass exists in the calendar event update process. The endpoint '/api/v1/calendars/events/event id/update' validates that the user has write access to the calendar where the even...
PT-2026-50312
Subscriber Broken Access Control in Bricks Builder = 2.1.4 versions...
PT-2026-50218
Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 149.0.7827.155 Description A race condition in the Updater allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape. This is achieved through the use of a...
PT-2026-50337
Unauthenticated SQL Injection in JetEngine = 3.8.9.1 versions...
PT-2026-50437
Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager version 4.6.0.1 Description Use of a broken or risky cryptographic algorithm allows an unauthenticated attacker with remote access to potentially cause information disclosure and information tampering. Recommendations At...
PT-2026-50254
The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.13 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level...
PT-2026-50558
In SignalRGB versions prior to 1.3.7.0, the .SignalIo device object is created without an explicit SDDL security descriptor and without FILE DEVICE SECURE OPEN. This results in overly permissive default access control, allowing any authenticated local user to obtain a handle to the device and iss...
PT-2026-50188
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.155 Description An inappropriate implementation in WebView allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page....
PT-2026-50318
Subscriber Arbitrary File Upload in Ecommerce Zone = 0.9.7 versions...
PT-2026-50536
Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the tag filtering functionality of Shaarli. An authenticated user can inject arbitrary JavaScript into the tags field when creating a bookmark Shaare. The malicious...
PT-2026-50532
Name of the Vulnerable Software and Affected Versions Punto Switcher affected versions not specified Description An unquoted-path flaw allows the execution of attacker-placed code at the user's privilege level. This issue occurs during a call made by a signed Windows binary at launch, enabling...
PT-2026-50236
Name of the Vulnerable Software and Affected Versions Package Manager affected versions not specified Description A missing permission check in Package Manager allows for a device lock controller bypass. This issue enables local escalation of privilege without requiring additional execution...
PT-2026-50228
RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who logs in to the web console as an administrator...
PT-2026-50314
Unauthenticated Broken Access Control in User Registration Stripe = 1.3.14 versions...
PT-2026-50256
Name of the Vulnerable Software and Affected Versions Regesta Smart HD-PLC - TLDPH16D2 version 11.02.05.10.02 Description A network attacker can obtain privileged information without requiring registration. This information disclosure occurs by using the Version command through the endpoint...
PT-2026-50257
Name of the Vulnerable Software and Affected Versions Regesta Smart HD-PLC - TLDPH16D2 version 11.02.05.10.02 Description A network-based attacker can cause a Denial of Service DoS on the web interface of the device using a Slow Loris attack. This technique involves sending partial HTTP requests...
PT-2026-50412
Unauthenticated Arbitrary File Deletion in WorkScout-Core = 1.7.11 versions...
PT-2026-50264
Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...
PT-2026-50239
Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description A logic error in the transfer function of the PackageInstaller.Session class within frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java allows for a memory...
PT-2026-50244
Name of the Vulnerable Software and Affected Versions LearnPress versions prior to 4.3.7 Description An information disclosure issue exists where the edit context on a REST endpoint is not properly restricted by the edit users capability. This allows unauthenticated visitors to retrieve sensitive...
PT-2026-50248
Three NVIDIA NeMo vulnerabilities CVE-2026-24155, CVE-2026-24252, CVE-2026-24228 enable code execution. Update NeMo Framework to v2.7.3 now. NVIDIA NeMo CVE202624155 AISecurity InfoSec https://t.co/VykvC24Ed4 https://t.co/93wJfksSbS...
PT-2026-50225
In SettingsLib, there is a possible way to disable system components due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-50263
Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...
PT-2026-50582
Name of the Vulnerable Software and Affected Versions Drupal Formatter Field versions 0.0.0 through 2.0.0 Description Improperly controlled modification of dynamically-determined object attributes in the Formatter Field module allows for Object Injection. This occurs because the module stores dat...
PT-2026-50611
Name of the Vulnerable Software and Affected Versions Flag attendance field versions 0.0.0 through 1.2 Description An Object Injection issue exists in the Flag attendance field module due to the improper control of modification of dynamically-determined object attributes. The module stores data a...
PT-2026-50394
Name of the Vulnerable Software and Affected Versions Zephyr versions 1.7 through 4.4.0 Description The Bluetooth Classic Hands-Free Profile HFP Hands-Free role parser in subsys/bluetooth/host/classic/hfp hf.c contains an out-of-bounds write. During Service Level Connection setup, the Hands-Free ...
PT-2026-50190
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue in DigitalCredentials on Windows allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Use after free occurs when an...
PT-2026-49776
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.26 Description An issue exists in hostname validation where trailing-dot notation in model or workspace-derived URLs can be used to bypass blocklist comparisons. This occurs because hostname checks treat hosts...
PT-2026-50089
Unauthenticated Local File Inclusion in Thegov Core 2.0.23 versions...
PT-2026-49972
Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager Base Platform version 13.5 Oracle Enterprise Manager Base Platform version 24.1 Description An issue exists in the Agent Next Gen component of the Oracle Enterprise Manager Base Platform. A low privileged attacker wit...
PT-2026-49926
Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware component: Database User. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity...
PT-2026-49986
Name of the Vulnerable Software and Affected Versions JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.26.2 Description An issue exists in the Enterprise Infrastructure Security component of Oracle JD Edwards. An unauthenticated attacker with network access via JDENET can compromise th...
PT-2026-49866
Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware component: Mainframe Connectors. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...
PT-2026-49927
Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware component: Generic Unix Connector. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via SSH to compromise...
PT-2026-50164
Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.7 Description The safe eval expression function in the computed fields feature uses an AST Abstract Syntax Tree validator that only blocks attributes starting with an underscore. Because Python generator and fram...
PT-2026-50059
Name of the Vulnerable Software and Affected Versions Oracle Project Portfolio Analysis versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of the Oracle Project Portfolio Analysis product within Oracle E-Business Suite. A high privileged attacker with...
PT-2026-49985
Name of the Vulnerable Software and Affected Versions JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.26.2 Description An issue exists in the Enterprise Infrastructure Security component of Oracle JD Edwards. An unauthenticated attacker with network access via JDENET can compromise th...
PT-2026-49912
Name of the Vulnerable Software and Affected Versions Oracle WebCenter Enterprise Capture version 12.2.1.4.0 Oracle WebCenter Enterprise Capture version 14.1.2.0.0 Description An issue exists in the Client Bundle component of the Oracle WebCenter Enterprise Capture product within Oracle Fusion...
PT-2026-49968
Name of the Vulnerable Software and Affected Versions MySQL Router versions 9.0.0 through 9.7.0 Description An issue in the General component of MySQL Router allows an unauthenticated attacker with network access via HTTP to compromise the system. Successful exploitation can lead to a complete...
PT-2026-50064
Name of the Vulnerable Software and Affected Versions Oracle Universal Work Queue versions 12.2.3 through 12.2.15 Description An issue exists in the Work Provider Site Level Administration component of the Oracle Universal Work Queue product within Oracle E-Business Suite. A low privileged attack...
PT-2026-49867
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
PT-2026-49817
In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-50000
Name of the Vulnerable Software and Affected Versions Oracle JD Edwards EnterpriseOne General Ledger version 9.2 Description A flaw in the E1 Foundation component allows a low-privileged attacker with network access via SMB Server Message Block, a network file sharing protocol to compromise the...
PT-2026-49603
Name of the Vulnerable Software and Affected Versions Zyxel GS1900-48HPv2 versions prior to 2.90ABTQ.1C0 Description A stack-based buffer overflow exists in the CGI program. This flaw allows an unauthenticated attacker on the local area network LAN to potentially execute operating system commands...